Security and Privacy

Our Security and Privacy Practices

Security By Design

Trust is one of JNCTN’s key pillars. Excellent security and privacy practices are crucial to build trust, and we strive to achieve this by continuously training people, developing sound processes and integrating security and privacy into our products from the ground up.

Privacy

We take privacy extremely seriously. We only collect personal information we need, protect it carefully during its lifecycle, process it for what has been approved and discard it when it’s not required anymore. Our platform privacy statement and website privacy statement give more details about data and rights.

JNCTN Platform

Privacy

Our platform is designed to offer excellent privacy for individuals, putting them in control of their data, what they are sharing and with whom.

Security

Data is always encrypted at rest and in transit. JNCTN accounts can be protected with multi-factor authentication (MFA). Access is monitored 24/7 and any suspicious activity is investigated promptly.

Administration

Our platform offers role-based access control (RBAC), giving granularity and allowing organisations to implement key security principles, such as the principle of least privilege.

Infrastructure

Infrastructure Security

The JNCTN platform is cloud-only, built as code, and designed to be secured from the ground up using serverless technology, in line with the Microsoft Azure Well-Architected Framework. All resources in our infrastructure are protected and monitored by Microsoft’s tools, such as Azure Defender.

Access Control

Access controls are paramount in cloud-based environments. We use dedicated accounts protected with phishing-resistant multi-factor authentication (MFA) to access the production environments. We also have additional controls to secure access, such as conditional access, rate-limiting, and other risk indicators.

Data Security and Encryption

JNCTN implements encryption in transport (HTTPS using TLS 1.2+) and at rest for all data (typically AES-based), using strong encryption and disabling all deprecated protocols to always ensure the strongest protection possible.

Logging and Monitoring

All actions are logged and evaluated by Azure’s security tools. Our security operations centre (SOC) monitors our environments 24/7 and any suspicious activity will be immediately triaged and investigated.

Availability and Redundancy

Services run from multiple locations to ensure high availability and redundancy in case of a failure. Data is stored on redundant storage, in redundant locations, and is backed up regularly. It is only stored in SOC 2 compliant Azure data centres.

Network Security, Physical Security and Environmental Controls

JNCTN leverages the power of Microsoft Azure to ensure elevated levels of security and redundancy. We use firewalls, network access controls and other techniques designed to prevent unauthorized access to systems processing or storing data.

Operations

Secure Operations, Monitoring and System Response

All operations staff use workstations secured using Microsoft advanced threat protection, with remote access controlled by MFA, conditional access, and Privileged Identity Management (PIM). They can securely monitor and maintain the environment 24/7, from any location.

Business Continuity Management

JNCTN can operate in a decentralized fashion, with all staff able to securely work from home or another office, as and when required. We have tested business continuity plans to cover the top scenarios such as infrastructure outages, natural disasters, etc.

Vulnerability Management & Penetration Testing

We continuously monitor our code, infrastructure and services for known vulnerabilities. We also run 3rd party independent penetration tests at least every 12 months. This allows us to stay ahead and continue to improve our platform security. We also encourage responsible disclosure. We take all reports extremely seriously and will endeavor to fix reported issues promptly.

Secure Development

Our DevOps teams adhere to our Secure Systems Development Life Cycle (SSDLC), ensuring that security is incorporated from the inception of a new project and continued throughout the entire life of the system. Our Secure SDLC promotes good practices such as OWASP and aims to offer rapid feedback with automation of security tests. All changes must go through our change control, quality assurance processes, and pass our security checks, before being deployed to production environments.

Compliance with industry and regulatory standards

JNCTN is striving to meet and exceed industry and government good practices. For example, we follow the requirements of Azure Security Benchmarks (Technology), OWASP (Development) and ISO/IEC 27001:2013 (Governance and Compliance). We meet the requirements of the New Zealand Privacy Act 2020 and other relevant NZ laws. We also abide by the European General Data Protection Regulation (GDPR). JNCTN is also following advice and guidance from the relevant government agencies such as New Zealand’s CERT and National Cyber Security Centre (NCSC), US Cybersecurity & Infrastructure Security Agency (CISA) and UK National Cyber Security Centre (NCSC).